8 matches found
EUVD-2026-32726
A command injection vulnerability was discovered in the rpmuncompress utility of RPM. When extracting certain archive formats ZIP, 7z, GEM to a specified destination directory, the tool inserts the archive's top-level folder name into a shell command without properly sanitizing it. A specially...
PT-2026-44197
Name of the Vulnerable Software and Affected Versions RPM affected versions not specified Description A command injection issue exists in the rpmuncompress utility. When extracting ZIP, 7z, or GEM archive formats to a destination directory, the tool fails to sanitize the top-level folder name...
USN-7030-1 py7zr vulnerability
It was discovered that py7zr was vulnerable to path traversal attacks. If a user or automated system were tricked into extracting a specially crafted 7z archive, an attacker could possibly use this issue to write arbitrary files outside the target directory on the host...
7-Zip Number Error Vulnerability
7-Zip is a compression software. A numeric error vulnerability exists in 7-Zip version 22.01 and earlier, which stems from allowing integer underflow and code execution via a carefully crafted 7Z archive...
apache-commons-compress: excessive memory allocation when reading a specially crafted 7Z archive
A flaw was found in apache-commons-compress. When reading a specially crafted 7Z archive, Compress can allocate large amounts of memory that leads to an out-of-memory error for very small inputs. This flaw allows the mounting of a denial of service attack against services that use Compress' Seven...
GHSA-7HFM-57QF-J43Q Excessive Iteration in Compress
When reading a specially crafted 7Z archive, the construction of the list of codecs that decompress an entry can result in an infinite loop. This could be used to mount a denial of service attack against services that use Compress' sevenz package...
OESA-2021-1294 p7zip security update
7za for Linux system to archive file as 7z file format Security Fixes: Heap-based buffer overflow in the NCompress::NShrink::CDecoder::CodeReal method in 7-Zip before 18.00 and p7zip allows remote attackers to cause a denial of service out-of-bounds write or potentially execute arbitrary code via...
Apache Commons Compress 安全漏洞
Apache Commons Compress is a library from the Apache USA Foundation for processing compressed files. A security vulnerability exists in Apache Commons Compress, which stems from the fact that constructing a list of decoders to decompress entries may result in an infinite loop when reading a...